The National Cyber Security Centre (NCSC) provides an ‘Exercise in a Box’ online tool that can help businesses check how resilient they are to cyber attacks as well as practise their response in a safe environment.
The tool will give you some exercises that can be carried out in your own time as many times as you want. The exercises include:
-A ransomware attack delivered by phishing email;
-Mobile phone theft and response;
-Being attacked from an unknown Wi-Fi network;
-Insider threat leading to a data breach;
-Third party software compromise;
-Threatened leak of sensitive data;
-Home & remote working; and
-Managing a vulnerability disclosure.
Micro-exercises are also included, covering areas like use of passwords and identifying and reporting a suspected phishing email.
To use ‘Exercise in a Box’ you need to register for an account with NCSC, and you’ll be provided with a tailored report that helps you to identify what to do next and sets out where you can find helpful guidance.
See: https://www.ncsc.gov.uk/information/exercise-in-a-box
The Information Commissioner's Office (ICO) has published final guidance on the new ‘charitable purposes soft opt-in’ provision introduced by the Data (Use and Access) Act 2025.
The National Cyber Security Centre (NCSC) announced at CYBERUK 2026 in Glasgow that it will begin recommending the use of passkeys wherever a service supports them, and two-step verification (2SV) where it does not.